<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
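	<meta name="keywords" content="SecWiki, wiki, security, news, topics, navigation, RSS aggregation, Web security, mobile platforms, binary security, malware analysis, network security, device security, operations, programming, book recommendations">
	<title>SecWiki Weekly (Issue 214)</title>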
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="container" id="page">
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki Weekly (Issue 214)</strong></h5>
<blockquote> 2018/04/02-2018/04/08</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>Security News</strong>
    </div><div class="single"><span id="tags">[News]&nbsp;&nbsp;</span>Gartner Report: Global Cybersecurity Industry Size, Development and Trend Forecast<br><a target="_blank" href="https://mp.weixin.qq.com/s/_jOALqJB4aVpaM25rjN5Yg">https://mp.weixin.qq.com/s/_jOALqJB4aVpaM25rjN5Yg</a></div>
<div class="single"><span id="tags">[News]&nbsp;&nbsp;</span>Zhuge Jianwei and Duan Haixin: The “Blue Lotus” in the Cyber Quagmire<br><a target="_blank" href="http://v.iqilu.com/sdws/wzshsdr/201803/31/4523580.html?from=timeline&amp;isappinstalled=0">http://v.iqilu.com/sdws/wzshsdr/201803/31/4523580.html?from=timeline&amp;isappinstalled=0</a></div>
<div class="single"><span id="tags">[News]&nbsp;&nbsp;</span>Provisions on Internet Security Supervision and Inspection by Public Security Organs (Draft for Comment)<br><a target="_blank" href="https://mp.weixin.qq.com/s/Ytp3J2ZRRZTGB8QMu4EiIA">https://mp.weixin.qq.com/s/Ytp3J2ZRRZTGB8QMu4EiIA</a></div>
<div class="single"><span id="tags">[News]&nbsp;&nbsp;</span>US MITRE Evaluates APT Detection Products, with China as the Hypothetical Adversary<br><a target="_blank" href="https://mp.weixin.qq.com/s/ImXILnFVgmYgQPf009TYeA">https://mp.weixin.qq.com/s/ImXILnFVgmYgQPf009TYeA</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>Security Technology</strong>
    </div><div class="single"><span id="tags">[Forensics]&nbsp;&nbsp;</span>Bitcoin and Cryptocurrency Tracking with the ELK Stack<br><a target="_blank" href="https://logz.io/blog/cryptocurrency-tracking-elk-stack/?from=timeline&amp;isappinstalled=0">https://logz.io/blog/cryptocurrency-tracking-elk-stack/?from=timeline&amp;isappinstalled=0</a></div>
<div class="single"><span id="tags">[Competition]&nbsp;&nbsp;</span>0CTF 2018 Quals Bl0g writeup<br><a target="_blank" href="https://blog.cal1.cn/post/0CTF%202018%20Quals%20Bl0g%20writeup">https://blog.cal1.cn/post/0CTF%202018%20Quals%20Bl0g%20writeup</a></div>
<div class="single"><span id="tags">[Vulnerability Analysis]&nbsp;&nbsp;</span>Exim Off-by-one (CVE-2018-6789) Vulnerability Reproduction and Analysis<br><a target="_blank" href="http://0x48.pw/2018/03/30/0x42/">http://0x48.pw/2018/03/30/0x42/</a></div>
<div class="single"><span id="tags">[Documents]&nbsp;&nbsp;</span>CanSecWest 2018 Files<br><a target="_blank" href="https://cansecwest.com/csw18archive.html">https://cansecwest.com/csw18archive.html</a></div>
<div class="single"><span id="tags">[Tools]&nbsp;&nbsp;</span>Building a Scanner That Automatically Scans the Entire Internet for Vulnerabilities<br><a target="_blank" href="http://mp.weixin.qq.com/s/OFD821QhL0sjmXerqgPyCQ">http://mp.weixin.qq.com/s/OFD821QhL0sjmXerqgPyCQ</a></div>
<div class="single"><span id="tags">[Competition]&nbsp;&nbsp;</span>0CTF 2018 EZDOOR(WEB) Writeup<br><a target="_blank" href="https://www.cdxy.me/?p=790">https://www.cdxy.me/?p=790</a></div>
<div class="single"><span id="tags">[Ops Security]&nbsp;&nbsp;</span>Getting the Data I Want from Chaitin's Wiki<br><a target="_blank" href="https://mp.weixin.qq.com/s/xpClaDBOtIERwTUv3sbPvg">https://mp.weixin.qq.com/s/xpClaDBOtIERwTUv3sbPvg</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>CVE-2018-1270 Remote Code Execution with spring-messaging<br><a target="_blank" href="http://www.polaris-lab.com/index.php/archives/501/">http://www.polaris-lab.com/index.php/archives/501/</a></div>
<div class="single"><span id="tags">[Mobile Security]&nbsp;&nbsp;</span>App Vulnerabilities: WebView File-Scheme Same-Origin Policy Bypass<br><a target="_blank" 
href="https://bbs.ichunqiu.com/thread-37204-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-37204-1-1.html?from=sec</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Code Audit: A SQL Injection via Double Encoding Example (with tamper Script)<br><a target="_blank" href="https://mp.weixin.qq.com/s/5lzvyD1V7ligf_JsKrglMA">https://mp.weixin.qq.com/s/5lzvyD1V7ligf_JsKrglMA</a></div>
<div class="single"><span id="tags">[Vulnerability Analysis]&nbsp;&nbsp;</span>Router Vulnerability Analysis, Part 5: CVE-2018-5767 Router Remote Code Execution<br><a target="_blank" href="http://www.freebuf.com/articles/wireless/166869.html">http://www.freebuf.com/articles/wireless/166869.html</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>A Beginner's Notes on PHP Code Auditing (Part 1)<br><a target="_blank" href="https://sosly.me/index.php/2018/04/02/php_daimashenji1/">https://sosly.me/index.php/2018/04/02/php_daimashenji1/</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>A Simple and Crude File Upload Vulnerability<br><a target="_blank" href="http://mp.weixin.qq.com/s/e1jy-DFOSROmSvvzX_Ge5g">http://mp.weixin.qq.com/s/e1jy-DFOSROmSvvzX_Ge5g</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Code Audit: CLTPHP_v5.5.3 Front-End XML External Entity Injection Vulnerability<br><a target="_blank" href="https://mp.weixin.qq.com/s/UBBeo4PeCunF6XxdvlbF0Q">https://mp.weixin.qq.com/s/UBBeo4PeCunF6XxdvlbF0Q</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>HUNT: HUNT Proxy Burp Suite Extension<br><a target="_blank" href="https://github.com/bugcrowd/HUNT">https://github.com/bugcrowd/HUNT</a></div>
<div class="single"><span id="tags">[Malware Analysis]&nbsp;&nbsp;</span>Analysis of an Orcus RAT Sample Spread via SYLK Files<br><a target="_blank" href="http://www.freebuf.com/articles/system/167141.html">http://www.freebuf.com/articles/system/167141.html</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Understanding PHP Variable Overwrite Vulnerabilities in Depth via MetInfo<br><a target="_blank" href="https://mp.weixin.qq.com/s/I7tEDv12e65KI93TCXN8Ug">https://mp.weixin.qq.com/s/I7tEDv12e65KI93TCXN8Ug</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Apache Log View 
5.37 Cracking Notes<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-37208-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-37208-1-1.html?from=sec</a></div>
<div class="single"><span id="tags">[Documents]&nbsp;&nbsp;</span>5G Network Security White Paper<br><a target="_blank" href="https://mp.weixin.qq.com/s/ReymClMeHOmx1_EjqOUZUg">https://mp.weixin.qq.com/s/ReymClMeHOmx1_EjqOUZUg</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>The Complete Guide to Using Cobalt Strike, the Penetration Testing Powerhouse<br><a target="_blank" href="http://www.freebuf.com/company-information/167460.html">http://www.freebuf.com/company-information/167460.html</a></div>
<div class="single"><span id="tags">[Programming]&nbsp;&nbsp;</span>Writing a Simple Test Report Generator with Django<br><a target="_blank" href="http://www.freebuf.com/sectool/166605.html">http://www.freebuf.com/sectool/166605.html</a></div>
<div class="single"><span id="tags">[Data Mining]&nbsp;&nbsp;</span>Knowledge Graphs and Cognitive Intelligence<br><a target="_blank" href="http://kw.fudan.edu.cn/resources/ppt/workshop2018/%E7%9F%A5%E8%AF%86%E5%9B%BE%E8%B0%B1%E4%B8%8E%E8%AE%A4%E7%9F%A5%E6%99%BA%E8%83%BD.pdf">http://kw.fudan.edu.cn/resources/ppt/workshop2018/%E7%9F%A5%E8%AF%86%E5%9B%BE%E8%B0%B1%E4%B8%8E%E8%AE%A4%E7%9F%A5%E6%99%BA%E8%83%BD.pdf</a></div>
<div class="single"><span id="tags">[Forensics]&nbsp;&nbsp;</span>Analyzing Risk Data with Python Tools<br><a target="_blank" href="http://mp.weixin.qq.com/s/46f1WM_1xDgxzwxqGmFJNQ">http://mp.weixin.qq.com/s/46f1WM_1xDgxzwxqGmFJNQ</a></div>
<div class="single"><span id="tags">[Other]&nbsp;&nbsp;</span>Let's Talk About Penetration Testing<br><a target="_blank" href="http://mp.weixin.qq.com/s/w2TG-Wsnee7A2zNqe6d-nw">http://mp.weixin.qq.com/s/w2TG-Wsnee7A2zNqe6d-nw</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Building a High-Performance Internet-Facing Metasploit at Low Cost<br><a target="_blank" href="http://www.freebuf.com/articles/network/166702.html">http://www.freebuf.com/articles/network/166702.html</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>CSRF Attacks and Defenses<br><a target="_blank" 
href="https://www.cnblogs.com/phpstudy2015-6/p/6771239.html">https://www.cnblogs.com/phpstudy2015-6/p/6771239.html</a></div>
<div class="single"><span id="tags">[Papers]&nbsp;&nbsp;</span>Blockchain Cybersecurity: Threats and Countermeasures<br><a target="_blank" href="http://jcs.iie.ac.cn/ch/reader/create_pdf.aspx?file_no=20180207&amp;flag=1&amp;year_id=2018&amp;quarter_id=2">http://jcs.iie.ac.cn/ch/reader/create_pdf.aspx?file_no=20180207&amp;flag=1&amp;year_id=2018&amp;quarter_id=2</a></div>
<div class="single"><span id="tags">[Vulnerability Analysis]&nbsp;&nbsp;</span>Vulnerability Modeling with Binary Ninja<br><a target="_blank" href="https://blog.trailofbits.com/2018/04/04/vulnerability-modeling-with-binary-ninja/">https://blog.trailofbits.com/2018/04/04/vulnerability-modeling-with-binary-ninja/</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Fileless ELF Execution on Linux for Penetration Testing<br><a target="_blank" href="https://mp.weixin.qq.com/s/SdR6ce9xjbS5UQbh14kfgg">https://mp.weixin.qq.com/s/SdR6ce9xjbS5UQbh14kfgg</a></div>
<div class="single"><span id="tags">[Vulnerability Analysis]&nbsp;&nbsp;</span>POC-Collect: Vulnerabilities and Exploits for Various Open-Source CMSes<br><a target="_blank" href="https://github.com/Mr5m1th/POC-Collect">https://github.com/Mr5m1th/POC-Collect</a></div>
<div class="single"><span id="tags">[Wireless Security]&nbsp;&nbsp;</span>The Devil Is in the Details: New Tricks with WiFi<br><a target="_blank" href="http://mp.weixin.qq.com/s/_4x2MXe2Q-oOd_qZv0bafQ">http://mp.weixin.qq.com/s/_4x2MXe2Q-oOd_qZv0bafQ</a></div>
<div class="single"><span id="tags">[Vulnerability Analysis]&nbsp;&nbsp;</span>Exploring Cobalt Strike's ExternalC2 Framework in Depth<br><a target="_blank" href="https://xz.aliyun.com/t/2239">https://xz.aliyun.com/t/2239</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Analysis of sqlmap Time-Based Injection<br><a target="_blank" href="http://blog.wils0n.cn/archives/178/">http://blog.wils0n.cn/archives/178/</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Beginner's Guide: Bwapp XSS – stored<br><a target="_blank" 
href="http://mp.weixin.qq.com/s/KJKAqBOm6zRokHioPG8c5g">http://mp.weixin.qq.com/s/KJKAqBOm6zRokHioPG8c5g</a></div>
<div class="single"><span id="tags">[Papers]&nbsp;&nbsp;</span>IT and Information Security Cheat Sheets<br><a target="_blank" href="https://zeltser.com/cheat-sheets/">https://zeltser.com/cheat-sheets/</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Automated Security Testing For REST API&#039;s<br><a target="_blank" href="https://github.com/flipkart-incubator/astra">https://github.com/flipkart-incubator/astra</a></div>
<div class="single"><span id="tags">[Wireless Security]&nbsp;&nbsp;</span>Stealing Credit Cards from FUZE via Bluetooth<br><a target="_blank" href="https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.html">https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.html</a></div>
<div class="single"><span id="tags">[Mobile Security]&nbsp;&nbsp;</span>Fake AV Investigation Unearths KevDroid, New Android Malware<br><a target="_blank" href="http://blog.talosintelligence.com/2018/04/fake-av-investigation-unearths-kevdroid.html">http://blog.talosintelligence.com/2018/04/fake-av-investigation-unearths-kevdroid.html</a></div>
<div class="single"><span id="tags">[Vulnerability Analysis]&nbsp;&nbsp;</span>HowTo: ExploitDev Fuzzing<br><a target="_blank" href="https://hansesecure.de/howto-exploitdev-fuzzing/">https://hansesecure.de/howto-exploitdev-fuzzing/</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>A Beginner's Notes on PHP Code Auditing (Part 2)<br><a target="_blank" href="https://sosly.me/index.php/2018/04/03/php_daimashenji2/">https://sosly.me/index.php/2018/04/03/php_daimashenji2/</a></div>
<div class="single"><span id="tags">[Wireless Security]&nbsp;&nbsp;</span>Exploiting Bluetooth Low Energy using Gattacker for IoT<br><a target="_blank" href="https://blog.attify.com/hacking-bluetooth-low-energy/">https://blog.attify.com/hacking-bluetooth-low-energy/</a></div>
<div class="single"><span id="tags">[Malware Analysis]&nbsp;&nbsp;</span>How to Plant a Backdoor in a Plugin<br><a target="_blank" 
href="https://www.anquanke.com/post/id/103569">https://www.anquanke.com/post/id/103569</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>CloudFront Hijacking<br><a target="_blank" href="https://www.mindpointgroup.com/blog/pen-test/cloudfront-hijacking/">https://www.mindpointgroup.com/blog/pen-test/cloudfront-hijacking/</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Study Notes on the Same-Origin Policy and Cross-Origin Access<br><a target="_blank" href="http://uknowsec.cn/posts/notes/%E5%90%8C%E6%BA%90%E7%AD%96%E7%95%A5%E5%92%8C%E8%B7%A8%E5%9F%9F%E8%AE%BF%E9%97%AE%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0.html">http://uknowsec.cn/posts/notes/%E5%90%8C%E6%BA%90%E7%AD%96%E7%95%A5%E5%92%8C%E8%B7%A8%E5%9F%9F%E8%AE%BF%E9%97%AE%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0.html</a></div>
<div class="single"><span id="tags">[Vulnerability Analysis]&nbsp;&nbsp;</span>Exim Off-by-one (CVE-2018-6789) Vulnerability Reproduction and Analysis<br><a target="_blank" href="https://paper.seebug.org/557/">https://paper.seebug.org/557/</a></div>
<div class="single"><span id="tags">[Malware Analysis]&nbsp;&nbsp;</span>Hacked Website Trend Report – 2017<br><a target="_blank" href="https://sucuri.net/reports/Sucuri-Hacked-Report-2017.pdf">https://sucuri.net/reports/Sucuri-Hacked-Report-2017.pdf</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>A Summary of PHP Code/Command Injection<br><a target="_blank" href="https://mp.weixin.qq.com/s/e-qNJaXZh-t5H7AJEOBIAQ">https://mp.weixin.qq.com/s/e-qNJaXZh-t5H7AJEOBIAQ</a></div>
<div class="single"><span id="tags">[Ops Security]&nbsp;&nbsp;</span>SSL_TLS Attack Principles Explained<br><a target="_blank" href="https://mp.weixin.qq.com/s/W620Pdu6qvoqjacSRPRVyg">https://mp.weixin.qq.com/s/W620Pdu6qvoqjacSRPRVyg</a></div>
<div class="single"><span id="tags">[Other]&nbsp;&nbsp;</span>BACKDOORING PLUGINS<br><a target="_blank" href="https://www.gironsec.com/blog/2018/03/backdooring-plugins/">https://www.gironsec.com/blog/2018/03/backdooring-plugins/</a></div>
<div class="single"><span id="tags">[Vulnerability Analysis]&nbsp;&nbsp;</span>Learning How Vulnerabilities Work Through PoCs<br><a target="_blank" 
href="http://mp.weixin.qq.com/s/ogFLjUpd2HU60raUxGNWhg">http://mp.weixin.qq.com/s/ogFLjUpd2HU60raUxGNWhg</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Bug Hunting Tips: That Simple Threat Intelligence<br><a target="_blank" href="https://mp.weixin.qq.com/s/Fs6j-ufxxEMjyHnOJEnuGA">https://mp.weixin.qq.com/s/Fs6j-ufxxEMjyHnOJEnuGA</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Cobalt strike3.8 Chinese Language Support<br><a target="_blank" href="https://evi1cg.me/archives/CS3_8_chinese_support.html">https://evi1cg.me/archives/CS3_8_chinese_support.html</a></div>
<div class="single"><span id="tags">[Tools]&nbsp;&nbsp;</span>A Dictionary for Enumerating Kerberos Domain Users<br><a target="_blank" href="https://github.com/re4lity/kerberos_enum_dict">https://github.com/re4lity/kerberos_enum_dict</a></div>
<div class="single"><span id="tags">[Tools]&nbsp;&nbsp;</span>Cracking Passwords up to 256 Characters with Hashcat<br><a target="_blank" href="https://cyberarms.wordpress.com/2018/04/03/cracking-passwords-up-to-256-characters-with-hashcat/">https://cyberarms.wordpress.com/2018/04/03/cracking-passwords-up-to-256-characters-with-hashcat/</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Beyond XSS: Edge Side Include Injection<br><a target="_blank" href="https://gosecure.net/2018/04/03/beyond-xss-edge-side-include-injection/">https://gosecure.net/2018/04/03/beyond-xss-edge-side-include-injection/</a></div>
<div class="single"><span id="tags">[Forensics]&nbsp;&nbsp;</span>Threat Hunting via Windows Event Logs<br><a target="_blank" href="https://www.dropbox.com/s/50623g2yahys6bz/Threat%20Hunting%20via%20Windows%20Event%20Logs.pdf?dl=0">https://www.dropbox.com/s/50623g2yahys6bz/Threat%20Hunting%20via%20Windows%20Event%20Logs.pdf?dl=0</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>A CTF Challenge: From SQL Injection to XSLT to XXE<br><a target="_blank" href="https://mp.weixin.qq.com/s/OVf3eUxjSq9N5wGzfg8F-Q">https://mp.weixin.qq.com/s/OVf3eUxjSq9N5wGzfg8F-Q</a></div>
<div class="single"><span 
id="tags">[Programming]&nbsp;&nbsp;</span>Scriptable network authentication cracker<br><a target="_blank" href="https://github.com/kpcyrd/badtouch">https://github.com/kpcyrd/badtouch</a></div>
<div class="single"><span id="tags">[Malware Analysis]&nbsp;&nbsp;</span>Exposing the Little-Known Other Side of Some So-Called &quot;Big Shots&quot;<br><a target="_blank" href="http://mp.weixin.qq.com/s/cRSJhhALlDX54stKj_kwoQ">http://mp.weixin.qq.com/s/cRSJhhALlDX54stKj_kwoQ</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Keeping Code Audit Notes with 150 Lines of Python<br><a target="_blank" href="http://mp.weixin.qq.com/s/ymyhrUxQIj0q9pDoZ2-x3A">http://mp.weixin.qq.com/s/ymyhrUxQIj0q9pDoZ2-x3A</a></div>
<div class="single"><span id="tags">[Ops Security]&nbsp;&nbsp;</span>Building a Log Center for Docker Containerized Applications with ELK<br><a target="_blank" href="https://www.jianshu.com/p/a40c36beee63">https://www.jianshu.com/p/a40c36beee63</a></div>
<div class="single"><span id="tags">[Magazine]&nbsp;&nbsp;</span>SecWiki Weekly (Issue 213)<br><a target="_blank" href="https://www.sec-wiki.com/weekly/213">https://www.sec-wiki.com/weekly/213</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Some trick in ssrf and trick in unserialize()<br><a target="_blank" href="https://mp.weixin.qq.com/s/MSYZOBRzvYdmdZR_wqBP7g">https://mp.weixin.qq.com/s/MSYZOBRzvYdmdZR_wqBP7g</a></div>
<div class="single"><span id="tags">[Tools]&nbsp;&nbsp;</span>BountyDash is a tool to combine your rewards from all platforms, giving you insi<br><a target="_blank" href="https://github.com/avlidienbrunn/bountydash">https://github.com/avlidienbrunn/bountydash</a></div>
<div class="single"><span id="tags">[Forensics]&nbsp;&nbsp;</span>A Study on Threat Intelligence Platforms (TIPs)<br><a target="_blank" href="https://threatintel.eu/2018/04/04/a-study-on-threat-intelligence-platforms/">https://threatintel.eu/2018/04/04/a-study-on-threat-intelligence-platforms/</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Summary of PHP code audit experience<br><a target="_blank" 
href="https://xz.aliyun.com/t/2246">https://xz.aliyun.com/t/2246</a></div>
<div class="single"><span id="tags">[Tools]&nbsp;&nbsp;</span>Free IP address to ASN database<br><a target="_blank" href="https://iptoasn.com/">https://iptoasn.com/</a></div>
<div class="single"><span id="tags">[Malware Analysis]&nbsp;&nbsp;</span>Learning ROP Techniques Through Examples<br><a target="_blank" href="http://mp.weixin.qq.com/s/wuTPDcKKe-EwrNwNo9Tjtg">http://mp.weixin.qq.com/s/wuTPDcKKe-EwrNwNo9Tjtg</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Notes on Auditing xiaocms<br><a target="_blank" href="http://mp.weixin.qq.com/s/1G6q7Mk5aQL_9yZ6t58_nA">http://mp.weixin.qq.com/s/1G6q7Mk5aQL_9yZ6t58_nA</a></div>
<div class="single"><span id="tags">[Data Mining]&nbsp;&nbsp;</span>DetectMaliciousURL: Applying text model to Detection Task<br><a target="_blank" href="https://github.com/cwellszhang/DetectMaliciousURL">https://github.com/cwellszhang/DetectMaliciousURL</a></div>
<div class="single"><span id="tags">[Ops Security]&nbsp;&nbsp;</span>Linux Kernel Defence Map<br><a target="_blank" href="https://github.com/a13xp0p0v/linux-kernel-defence-map">https://github.com/a13xp0p0v/linux-kernel-defence-map</a></div>
<div class="single"><span id="tags">[Tools]&nbsp;&nbsp;</span>Code and slides for Zer0Con 2018 talk: Building a 1-day Exploit for Google Chrom<br><a target="_blank" href="https://github.com/theori-io/zer0con2018_bpak">https://github.com/theori-io/zer0con2018_bpak</a></div>
<div class="single"><span id="tags">[Tools]&nbsp;&nbsp;</span>A Roundup of Excellent WiFi Penetration Testing Tools<br><a target="_blank" href="https://mp.weixin.qq.com/s/Why61qJGeT0y6w2iHEBhiA">https://mp.weixin.qq.com/s/Why61qJGeT0y6w2iHEBhiA</a></div>
<div class="single"><span id="tags">[Vulnerability Analysis]&nbsp;&nbsp;</span>Attacking an FTP Client: MGETting more than you bargained for<br><a target="_blank" href="https://snyk.io/blog/attacking-an-ftp-client/">https://snyk.io/blog/attacking-an-ftp-client/</a></div>
<div class="single"><span id="tags">[Malware Analysis]&nbsp;&nbsp;</span>Interpreting the NSA's View into APT Groups<br><a target="_blank" 
href="https://mp.weixin.qq.com/s/DfvAIZYuDTtNMkijJNledQ">https://mp.weixin.qq.com/s/DfvAIZYuDTtNMkijJNledQ</a></div>
<div class="single"><span id="tags">[Forensics]&nbsp;&nbsp;</span>Knowledge and Competency Checklist for Criminal Intelligence Analysts (First Draft)<br><a target="_blank" href="https://mp.weixin.qq.com/s/i5iL6R6m_UtmXYGfrRa31w">https://mp.weixin.qq.com/s/i5iL6R6m_UtmXYGfrRa31w</a></div>
<div class="single"><span id="tags">[Malware Analysis]&nbsp;&nbsp;</span>How I Got 360 to Kill helloword<br><a target="_blank" href="http://mp.weixin.qq.com/s/Fk6FWaCAYUq99DDJjDqukA">http://mp.weixin.qq.com/s/Fk6FWaCAYUq99DDJjDqukA</a></div>
<div class="single"><span id="tags">[Tools]&nbsp;&nbsp;</span>A malicious DNS server for executing DNS Rebinding attacks on the fly<br><a target="_blank" href="https://github.com/brannondorsey/whonow">https://github.com/brannondorsey/whonow</a></div>
<div class="single"><span id="tags">[Malware Analysis]&nbsp;&nbsp;</span>The IAT Trilogy: What Is the IAT?<br><a target="_blank" href="http://mp.weixin.qq.com/s/NYL-9lOBoOXEJF1x3Lp4NA">http://mp.weixin.qq.com/s/NYL-9lOBoOXEJF1x3Lp4NA</a></div>
<div class="single"><span id="tags">[Other]&nbsp;&nbsp;</span>What Does Security Mean to You<br><a target="_blank" href="https://mp.weixin.qq.com/s/UciYiCpqV9BQArexmLEOMQ">https://mp.weixin.qq.com/s/UciYiCpqV9BQArexmLEOMQ</a></div>
<div class="single"><span id="tags">[Mobile Security]&nbsp;&nbsp;</span>Extract endpoints from apk files.<br><a target="_blank" href="https://github.com/UltimateHackers/Diggy">https://github.com/UltimateHackers/Diggy</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Common DoS Risks in Secure PHP Development<br><a target="_blank" href="http://mp.weixin.qq.com/s/zKmz6eamYCuWFGKmPWFqFA">http://mp.weixin.qq.com/s/zKmz6eamYCuWFGKmPWFqFA</a></div>
<div class="single"><span id="tags">[Malware Analysis]&nbsp;&nbsp;</span>The Adventures of a PE Virus and msf<br><a target="_blank" href="http://mp.weixin.qq.com/s/kRMuGMFOxUCW0whh8TtlTQ">http://mp.weixin.qq.com/s/kRMuGMFOxUCW0whh8TtlTQ</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Talking About Jsonp Clickjacking, Starting from Ajax<br><a target="_blank" 
href="http://mp.weixin.qq.com/s/0rTTpt0GtBDgdjVl0dDl8Q">http://mp.weixin.qq.com/s/0rTTpt0GtBDgdjVl0dDl8Q</a></div>
<div class="single"><span id="tags">[Tools]&nbsp;&nbsp;</span>Using the DNS Protocol to Echo Back Data<br><a target="_blank" href="http://mp.weixin.qq.com/s/SZxWacuk5-rNqun76NtlIQ">http://mp.weixin.qq.com/s/SZxWacuk5-rNqun76NtlIQ</a></div>
<div class="single"><span id="tags">[Malware Analysis]&nbsp;&nbsp;</span>A Collection of Ring 3 Malicious Code Examples<br><a target="_blank" href="http://mp.weixin.qq.com/s/wY3KnCewAw6WS5bNYlm-2Q">http://mp.weixin.qq.com/s/wY3KnCewAw6WS5bNYlm-2Q</a></div>
<div class="single"><span id="tags">[Tools]&nbsp;&nbsp;</span>Application Whitelisting Bypass Techniques<br><a target="_blank" href="http://mp.weixin.qq.com/s/NGYhrK4dH-ikfdklEA4nUQ">http://mp.weixin.qq.com/s/NGYhrK4dH-ikfdklEA4nUQ</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>SQL Injection Types Explained in Detail<br><a target="_blank" href="http://mp.weixin.qq.com/s/BQVS7alMSdy3_SQuMymkug">http://mp.weixin.qq.com/s/BQVS7alMSdy3_SQuMymkug</a></div>
<div class="single"><span id="tags">[Ops Security]&nbsp;&nbsp;</span>Ele.me's Multi-Site Active-Active Technical Implementation<br><a target="_blank" href="https://mp.weixin.qq.com/s/pKAYR1GxbQH51RkgkpmcOg">https://mp.weixin.qq.com/s/pKAYR1GxbQH51RkgkpmcOg</a></div>
<div class="single"><span id="tags">[Tools]&nbsp;&nbsp;</span>Powershell Execution Bypass and Script Obfuscation<br><a target="_blank" href="http://mp.weixin.qq.com/s/cJwekK4rQUmEyZTAXX_PVQ">http://mp.weixin.qq.com/s/cJwekK4rQUmEyZTAXX_PVQ</a></div>
<div class="single"><span id="tags">[Vulnerability Analysis]&nbsp;&nbsp;</span>Router Vulnerability Exploit Development in Practice<br><a target="_blank" href="http://mp.weixin.qq.com/s/PcuX4ZpxlRRlmwvA9v42mA">http://mp.weixin.qq.com/s/PcuX4ZpxlRRlmwvA9v42mA</a></div>
<div class="single"><span id="tags">[Tools]&nbsp;&nbsp;</span>Building Your Own Penetration Testing Power Tool<br><a target="_blank" href="http://mp.weixin.qq.com/s/prcJJWUKW3-76k3MYtQiUA">http://mp.weixin.qq.com/s/prcJJWUKW3-76k3MYtQiUA</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Code Audit: CmsEasy_v5.7 Vulnerability Analysis<br><a target="_blank" 
href="https://mp.weixin.qq.com/s?__biz=MzA3NzE2MjgwMg==&amp;mid=2448903588&amp;idx=1&amp;sn=32009fbca5e1840e09c73e848407de82&amp;chksm=8b55ddf9bc2254efc5abaaace9f0d9d1d407aa07fea199557b2d62cc7c5c3fd6fdca5cdbaf8d&amp;mpshare=1&amp;scene=23&amp;srcid=0402sy1nInz3sHk3D4Go4jqn#rd">https://mp.weixin.qq.com/s?__biz=MzA3NzE2MjgwMg==&amp;mid=2448903588&amp;idx=1&amp;sn=32009fbca5e1840e09c73e848407de82&amp;chksm=8b55ddf9bc2254efc5abaaace9f0d9d1d407aa07fea199557b2d62cc7c5c3fd6fdca5cdbaf8d&amp;mpshare=1&amp;scene=23&amp;srcid=0402sy1nInz3sHk3D4Go4jqn#rd</a></div>
<div class="single"><span id="tags">[Tools]&nbsp;&nbsp;</span>pentestdb Architecture Explained in Detail<br><a target="_blank" href="http://mp.weixin.qq.com/s/b4cpUQf5K9oz2b3ka6dNgQ">http://mp.weixin.qq.com/s/b4cpUQf5K9oz2b3ka6dNgQ</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>A Brief Analysis of DTD Entities and XXE<br><a target="_blank" href="http://mp.weixin.qq.com/s/vkCdz6YCoiiJPI30KePD6g">http://mp.weixin.qq.com/s/vkCdz6YCoiiJPI30KePD6g</a></div>
<div class="single"><span id="tags">[Tools]&nbsp;&nbsp;</span>Shodan Reference Manual<br><a target="_blank" href="http://mp.weixin.qq.com/s/SVl_YLhcfNgHya6jEnKx1g">http://mp.weixin.qq.com/s/SVl_YLhcfNgHya6jEnKx1g</a></div>
<div class="single"><span id="tags">[Tools]&nbsp;&nbsp;</span>Building Your Own Penetration Testing Power Tool, Part 2<br><a target="_blank" href="http://mp.weixin.qq.com/s/n6nfj9JovlhAw9D1aULzMA">http://mp.weixin.qq.com/s/n6nfj9JovlhAw9D1aULzMA</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Auditing a Bundle of Vulnerabilities in an Open-Source Online Store<br><a target="_blank" href="http://mp.weixin.qq.com/s/iPOIUGOc9t-DjlFzOSqieg">http://mp.weixin.qq.com/s/iPOIUGOc9t-DjlFzOSqieg</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>A Detailed Walkthrough of the LazySysAdmin Challenge on VulnHub<br><a target="_blank" href="http://mp.weixin.qq.com/s/Auhpkoe1NRoHmZ4REYjZ-A">http://mp.weixin.qq.com/s/Auhpkoe1NRoHmZ4REYjZ-A</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Notes on an Interesting Penetration Test<br><a target="_blank" 
href="http://mp.weixin.qq.com/s/w5Dl54oOA7-XYuSIrguy-w">http://mp.weixin.qq.com/s/w5Dl54oOA7-XYuSIrguy-w</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Understanding What a webshell Is, the Easy Way<br><a target="_blank" href="http://mp.weixin.qq.com/s/x2Tw3ukaTFDJvZ0YCuZBog">http://mp.weixin.qq.com/s/x2Tw3ukaTFDJvZ0YCuZBog</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>RedTiger Walkthrough: A Learning Summary<br><a target="_blank" href="http://mp.weixin.qq.com/s/nqfI10K423fO_KculsE8UQ">http://mp.weixin.qq.com/s/nqfI10K423fO_KculsE8UQ</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>The HTTP Protocol Explained in Detail<br><a target="_blank" href="http://mp.weixin.qq.com/s/DshzEGF2B9Wd2dteu1NAXQ">http://mp.weixin.qq.com/s/DshzEGF2B9Wd2dteu1NAXQ</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Java Code Audit: Tieren Download System (铁人下载系统)<br><a target="_blank" href="https://mp.weixin.qq.com/s/8mmj-mixScgOKq7cL2_YcQ">https://mp.weixin.qq.com/s/8mmj-mixScgOKq7cL2_YcQ</a></div>
<div class="single"><span id="tags">[Web Security]&nbsp;&nbsp;</span>Auditing the Risks in tinyshop<br><a target="_blank" href="http://mp.weixin.qq.com/s/tdyTY_x2AUYQAygHN15olA">http://mp.weixin.qq.com/s/tdyTY_x2AUYQAygHN15olA</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----WeChat ID: SecWiki-----
SecWiki has focused on security technology news analysis for 5 years!
SecWiki: https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">Original URL of this issue:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/214">SecWiki Weekly (Issue 214)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

</body>
<!-- page -->
</html>
